Are employees helping hackers and hurting your Cybersecurity efforts?
Most of your employees know better than to send a password via email or open a strange document from someone they don’t know. They are careful about what is posted, or at least they think so.
In a recent review of Facebook posts of individuals posting photographs while they are at work, about 20% of the photographs show an ID Badge or include details about the software that they use, in their social media posting. Do you remember the Ice Bucket Challenge of a few years ago? In a significant number of those posts, you could see the layout of the office, programs running on the computers, emails on screens, confidential data in documents, login credentials, and more.
Below are some helpful tips to help you and your employees improve your Data and Cyber Security efforts:
- Watch What You Say! When creating an out-of-office message, don’t use this type of message: “I am out of the office for my 2-week honeymoon. If you need assistance, contact Jim Smith at JSmith@Acme.com. He is my manager that can help you with anything. See you in 2 weeks! “. You are telling not just the sender of the email that you are out of town, but identifying the person that can act on your behalf. With this information, someone could pretend to be you and request sensitive data.
- Job Postings Give Away Too Much Information. Did you ever notice that job postings can tell you all about their internal software that is used? This gives an attacker insight as to the internal workings of your business and can create a phishing campaign to lure victims based on the software they are using.
- Email Signatures. Did you know that the majority of email signatures contain all the contact information about you and sometimes your actual signature. This could be duplicated when sending a phishing email using a spoofed email address (looks like you but it really is a different address).
- Caller ID. Caller ID Spoofing and SMS (text) spoofing are growing as this is fairly easy for hackers to perform. Be careful if the Caller ID shows a similar name, like HR or IT departments. Be sure to ask questions before providing any sensitive information over the phone.
- Remote Connections. Over the past several years, computer users get a pop-up telling them that Microsoft has found an issue or infection with their computer and provides a phone number to call. This isn’t Microsoft, but a hacking company. Now, computer users are getting phone calls from the IT department asking them to open a web browser and enter a weblink to give the callers access to their computers. The hackers can then steal documents and information about your network security.
- Social Media. Some people post everything they do on social media – their meals, drinks, work life, everything. They talk about what happens at work and the people they work with. This has been shown to happen with younger employees who grew up on social media and do not understand the data security risks. Companies need to make sure that employees are properly trained as to the potential risks and dangers.
- Physical Security Devices. If your business does not have up-to-date security software and a physical firewall, you can be opening your business to infection or a data breach. Properly protecting your business means physical security (deadbolts, security locks), network security (firewall, security software, software security levels), and web browsers (education to staff members on what not to do on the internet).
- Education. All aspects of Data & Cyber Security need to be a part of your business training. Technology is changing every day and we need to be prepared for how to best protect our businesses.
Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit https://www.elijaht.com or call 866-354-5240.